Cognix Platform
CVE-2026-26417
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Lifecycle Timeline
2DescriptionCVE.org
A broken access control vulnerability in the password reset functionality of Tata Consultancy Services Cognix Recon Client v3.0 allows authenticated users to reset passwords of arbitrary user accounts via crafted requests.
AnalysisAI
Cognix Platform's password reset function fails to properly validate user permissions, enabling authenticated attackers to reset passwords for any user account through specially crafted requests. This broken access control vulnerability affects Cognix Recon Client v3.0 and carries high severity due to the potential for unauthorized account takeovers. No patch is currently available.
Technical ContextAI
Classified as CWE-284 (Improper Access Control). Affects the password reset component of Cognix Platform. A broken access control vulnerability in the password reset functionality of Tata Consultancy Services Cognix Recon Client v3.0 allows authenticated users to reset passwords of arbitrary user accounts via crafted requests.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
More in Cognix Platform
View allPrivilege escalation in Cognix Platform v3.0 permits authenticated users to bypass authorization controls and assume hig
Cognix Platform's web API lacks authentication and authorization controls, enabling unauthenticated remote attackers to
Same weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today